Please fill in the form below to subscribe to our blog

CISA Issues Official Activity Alert for BlueKeep

June 17, 2019

A security flaw in Remote Desktop Services (RDS) of outdated Microsoft operating systems known as BlueKeep (CVE-2019-0708) has caused quite the stir in the last month. In May, Microsoft released two warnings of the vulnerability and encouraged users to patch and/or upgrade their operating systems.

Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a rare official activity alert for BlueKeep. The affected OSs include Windows 2000, Windows Vista, Windows XP, and Windows Server 2003/2008. The agency recently tested the vulnerability against a Windows 2000 machine and achieved remote code execution, which indicates that it poses a severe threat of world-wide cyberattacks. Using BlueKeep, a malicious actor could add accounts; view, change or delete data; and gain the ability to install programs.

BlueKeep is considered “wormable”, meaning malware exploiting this vulnerability on an affected operating system could potentially propagate to other vulnerable systems. The Cybersecurity and Infrastructure Security Agency stated in their warning: “a BlueKeep exploit would be capable of rapidly spreading in a fashion similar to the WannaCry malware attacks of 2017.”

What Can You Do to Mitigate Your Risk?

No matter who you are, the main thing to do is to make sure you have installed the most recent patches and updates of your software!

If you think you may have an affected OS, it is vital that you make sure your information is secured. In addition to securing your data, the CISA recommends to “consider upgrading any End-Of-Life (EOL) operating systems no longer supported by Microsoft to a newer, supported OS, such as Windows 10.”

ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites.  SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.